Return Access-Accept on EAP even when using invalid credentials

Our idea is to accept users even though they have entered invalid credentials when trying to log on to Wi-Fi networks. We plan to give them an Access-Accept and some default attributes, i.e. VLAN, to help them reset their passwords.

Is this possible when doing PEAP-MSCHAPv2 or similar? (without having the plain text password)

We tried to return an Access-Accept when EAP fails, but the MS-MPPE-Send-Key and MS-MPPE-Recv-Key keys are not exchanged due to the failure of the protocol, so clients get disconnected.
